UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 10/042,804
FILING DATE: 10/29/2001
FIRST NAMED INVENTOR: Jianghao Li
ATTORNEY DOCKET NO.: TRNDP005
CONFIRMATION NO.: 5044

22434 7590 03/24/2005

BEYER WEAVER & THOMAS LLP
P.O. BOX 70250
OAKLAND, CA 94612-0250

EXAMINER: ANANTHANARAYANAN, RAMYA
ART UNIT: 2131
PAPER NUMBER:

DATE MAILED: 03/24/2005



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary

Application No.: 10/042,804
Applicant(s): LI, JIANGHAO
Examiner: Ramya Ananthanarayanan
Art Unit: 2131





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 



Period for Reply 
earned patent term adjustment. See 37 CFR 1.704(b).
10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner.
11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
application from the International Bureau (PCT Rule 17.2(a)).

1. Claims 1-30 have been examined.

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

3. Claims 5, 7-10, 15-20, 25-30 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Chess et al. (U.S. Patent 5,485,575). 

With respect to claim 5, Chess et al. disclose a method for generating a virus signature, the 
method comprising: 

Receiving a portion of interpreted language source code containing a computer virus 
(column 4, lines 38-39); 

Generating a language-independent representation of the computer virus (column 11,
lines 55-58); and

Storing the language-independent representation of the computer virus as a virus 
signature (column 11, lines 55-58). 

4. With respect to claim 7, Chess et al. disclose a method wherein the virus signature is 
compiled in binary format (column 17, lines 15-20). 

5. With respect to claim 8, Chess et al. disclose a method, wherein the language independent
representation is a linearized string of key actions (column 12, lines 43-45). 

6. With respect to claim 9, Chess et al. disclose a method, wherein the virus signature includes 
input from a virus analyst (column 11, lines 39-56). 

7. With respect to claim 10, Chess et al. disclose a method, further comprising: 

Parsing the portion of interpreted language source code into tokens (column 11, lines 47-49); and

Generating the language-independent representation of the computer virus using at least a
portion of the tokens (column 11, lines 47-49, lines 55-58).

8. With respect to claim 15, Chess et al. disclose a method for generating a virus signature from 
a portion of interpreted language source code including a computer virus, the method 
comprising: 

Receiving a portion of interpreted language source code containing a computer virus 
(column 4, lines 38-39); 

Parsing the portion of the interpreted language source code containing the computer virus 
into tokens to generate tokenized source code, wherein at least some of the tokens represent key 
actions (column 11, lines 47-49); 

Extracting key actions from the tokenized source code (column 11, lines 47-49), 

Linearizing the key actions to generate an executing thread (column 12, lines 43-45); 

Determining the set of minimum key actions in the executing thread required to effect the
computer virus (column 11, lines 55-58); and 

Storing the set of minimum key actions as a virus signature (column 11, lines 55-58). 

9. With respect to claim 16, Chess et al. disclose a method, further comprising: 

Compiling the virus signature in binary format (column 17, lines 15-20). 

10. With respect to claim 17, Chess et al. disclose a method, further comprising: 

Compiling the virus signature with data input by a virus analyst (column 11, lines 39-56); 

and 

Storing the virus signature as part of a virus pattern file (column 17, line 20). 

11. With respect to claim 18, Chess et al. disclose a method, wherein the virus pattern file
further includes a dictionary of key actions (column 17, line 20; column 11, lines 55-58; Each 
signature consists of key actions.). 

12. With respect to claim 19, Chess et al. disclose a method, wherein the portion of the 
interpreted language source code is lexically parsed (column 13, line 9-10). 

13. With respect to claim 20, Chess et al. disclose a method, wherein the portion of the 
interpreted language source code is lexically and grammatically parsed (column 13, line 9-10; 
column 11, lines 60-64).

14. With respect to claim 25, Chess et al. disclose a computer readable medium containing
program code (column 4, lines 5-7, 16-18) for generating a virus signature from a portion of 
interpreted language source code including a computer virus, the computer readable medium 
comprising instructions for: 

Receiving a portion of interpreted language source code containing a computer virus 
(column 4, lines 38-39); 

Parsing the portion of the interpreted language source code containing the computer virus 
into tokens to generate tokenized source code, wherein at least some of the tokens represent key 
actions (column 11, lines 47-49); 

Linearizing at least a portion of the key actions to generate an executing thread (column 
12, lines 43-45); 

Determining the set of minimum key actions in the executing thread required to effect the 
computer virus (column 11, lines 55-58); and 

Storing the set of minimum key actions as a virus signature (column 11, lines 55-58). 

15. With respect to claim 26, Chess et al. disclose a computer readable medium, further
comprising: 

Compiling the virus signature in binary format (column 17, lines 15-20). 

16. With respect to claim 27, Chess et al. disclose a computer readable medium, further 
comprising: 

Compiling the virus signature with data input by a virus analyst (column 11, lines 39-56);

and 

Storing the virus signature as part of a virus pattern file (column 17, line 20). 

17. With respect to claim 28, Chess et al. disclose a computer readable medium, wherein the 
virus pattern file further includes a dictionary of key actions (column 17, line 20; column 11, 
lines 55-58; Each signature consists of key actions.). 

18. With respect to claim 29, Chess et al. disclose a computer readable medium, wherein the 
portion of the interpreted language source code is lexically parsed (column 13, line 9-10). 

19. With respect to claim 30, Chess et al. disclose a computer readable medium, wherein the 
portion of the interpreted language source code is lexically and grammatically parsed (column 
13, line 9-10; column 11, lines 60-64). 



20. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

21. Claims 1-4, 11-14, 21-24 are rejected under 35 U.S.C. 102(e) as being anticipated by
Chandnani et al. (U.S. Publication 2002/0073330). 

22. With respect to claim 1, Chandnani et al. disclose a method for identifying a computer virus 
in interpreted language source code, the method comprising: 

Receiving a portion of interpreted language source code (paragraph 0029, lines 4-5); 

Generating a language-independent representation of the portion of the interpreted 
language source code (paragraph 0020, lines 1-2); 

Comparing the language-independent representation with a virus signature (paragraph 
0064); and 

Determining if the language-independent representation matches the virus signature, 
whereby a match indicates a computer virus has been identified (paragraph 0064). 

23. With respect to claim 2, Chandnani et al. disclose a method, wherein the interpreted 
language source code is a scripting language source code (paragraph 0016, lines 1-2). 

24. With respect to claim 3, Chandnani et al. disclose a method, wherein the virus signature is a 
language-independent representation of an interpreted language source code computer virus 
(paragraph 0055). 

25. With respect to claim 4, Chandnani et al. disclose a method, wherein the portion of
interpreted language source code and the virus signature are represented as a linearized string of 
key actions (paragraph 0055). 

26. With respect to claim 11, Chandnani et al. disclose a method (paragraph 0029, line 2) for 
identifying a virus in interpreted language source code, the method comprising: 

Receiving a portion of interpreted language source code (paragraph 0029, lines 4-5); 

Parsing the portion of the interpreted language source code into tokens to generate a 
tokenized source code, wherein at least some of the tokens represent key actions (paragraph 
0020, lines 1-2); 

Extracting selected key actions from the tokenized source code (paragraph 0020, lines 2-3),

Linearizing the key actions to generate an executing thread (paragraph 0020, lines 3-5); 
Comparing the executing thread with a virus signature of a known virus (paragraph 
0064); and 

Determining whether the executing thread matches the virus signature (paragraph 0064). 

27. With respect to claim 21, Chandnani et al. disclose a computer readable medium (paragraph 
0066, lines 1-5) containing program code for identifying a computer virus in interpreted 
language source code, the computer readable medium comprising instructions for: 

Receiving a portion of interpreted language source code (paragraph 0029, lines 4-5); 

Parsing the portion of the interpreted language source code into tokens to generate a
tokenized source code, wherein at least some of the tokens represent key actions (paragraph 
0020, lines 1-2); 

Extracting selected key actions from the tokenized source code (paragraph 0020, lines 2-3),

Linearizing the key actions to generate an executing thread (paragraph 0020, lines 3-5); 
Comparing the executing thread with a virus signature of a known virus (paragraph 
0064); and 

Determining whether the executing thread matches the virus signature (paragraph 0064). 

28. With respect to claims 12 and 22, Chandnani et al. disclose a method and medium, further 
comprising: 

Outputting the identification of the known virus (paragraph 0055, lines 9-13; paragraph 
0063, lines 12-15). 

29. With respect to claims 13 and 23, Chandnani et al. disclose a method and medium, wherein 
the portion of the interpreted language source code is lexically parsed (paragraph 0016, lines 8- 
10). 

30. With respect to claims 14 and 24, Chandnani et al. disclose a method and medium, wherein
the portion of the interpreted language source code is lexically and grammatically parsed 
(paragraph 0017). 

Claim Rejections - 35 USC § 103

31. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

32. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Chess et al. (U.S. 
Patent 5,485,575) in view of Chandnani et al. (U.S. Publication 2002/0073330). 

33. Chess et al. and Chandnani et al. are analogous art because both are in the field of computer 
security. 

34. With respect to claim 6, Chess et al. disclose the limitations set forth in claim 5, upon which 
claim 6 is dependent.

35. Chess et al. do not disclose a method wherein the interpreted language source code is a 
scripting language source code. 

Chandnani et al. disclose a method wherein the interpreted language source code is a scripting 
language source code (paragraph 0016, lines 1-2). 

36. It would have been obvious to one of ordinary skill in the art to have combined the teachings
of Chandnani et al. with the teachings of Chess et al. in order to prevent potentially terrible 
problems with a computer system or operating system (paragraph 0005). 

Conclusion 

37. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. U.S. Patent 5,452,442 issued to Kephart discloses the limitations of some of the 
independent and dependent claims of the instant application. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ramya Ananthanarayanan whose telephone number is (571) 272- 
5860. The examiner can normally be reached on Monday through Friday, 8:30-5.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 